From 0b9c2dfb162c28fffcb0fc0be7e7566ab70769dd Mon Sep 17 00:00:00 2001
From: Abhishek sahu <58635182+abhi-dev91@users.noreply.github.com>
Date: Wed, 29 Nov 2023 18:06:26 +0530
Subject: [PATCH 1/4] Changed kms policy from var to resource

---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index cd86b20..9e37e05 100644
--- a/main.tf
+++ b/main.tf
@@ -218,7 +218,7 @@ EOF
 
 resource "aws_iam_role_policy_attachment" "eks_kms_worker_policy_attachment" {
 role = aws_iam_role.node_role.name
- policy_arn = var.kms_policy_arn
+ policy_arn = aws_iam_policy.kubernetes_pvc_kms_policy.arn
 }
 
 resource "aws_iam_role_policy_attachment" "eks_worker_policy" {

From 77af3d80e305cfed3835968637e7625442203510 Mon Sep 17 00:00:00 2001
From: Abhishek sahu <58635182+abhi-dev91@users.noreply.github.com>
Date: Wed, 29 Nov 2023 18:07:06 +0530
Subject: [PATCH 2/4] removed kms policy arn from variables.tf

---
 variables.tf | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/variables.tf b/variables.tf
index 7b1315f..08583a5 100644
--- a/variables.tf
+++ b/variables.tf
@@ -141,11 +141,6 @@ variable "eventRecordQPS" {
 default = 5
 }
 
-variable "kms_policy_arn" {
- description = "The KMS policy ARN used for encrypting Kubernetes PVC."
- type = string
- default = ""
-}
 
 variable "associate_public_ip_address" {
 description = "Set to true to enable network interface for launch template."

From fbf05490417ed40c8a10b83c410f348b3eb48fe5 Mon Sep 17 00:00:00 2001
From: Abhishek sahu <58635182+abhi-dev91@users.noreply.github.com>
Date: Wed, 29 Nov 2023 18:08:00 +0530
Subject: [PATCH 3/4] removed kms policy arn from examples

---
 examples/complete/main.tf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index b5903f4..a2d4078 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
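Review bot: The attachment on the `+ policy_arn` line now hard-references `aws_iam_policy.kubernetes_pvc_kms_policy.arn`, so the module no longer offers a way to supply an externally managed policy, and any caller still passing `kms_policy_arn` will fail with an unsupported-argument error once PATCH 2/4 removes the variable; this is a breaking change to the module interface that none of the four commit messages calls out, and a changelog or version note should accompany it. Because the policy is now attached to `aws_iam_role.node_role` unconditionally, confirm that `aws_iam_policy.kubernetes_pvc_kms_policy` (defined outside this hunk, presumably in the heredoc ending at the `EOF` context) scopes its KMS actions to the PVC key rather than a wildcard resource, since there is no longer an opt-out. If that policy resource is created conditionally with `count`, the bare reference will not plan and would need an index; the hunk does not show its definition. A short comment above the block, `# Always attached: grants the node role the KMS permissions used for encrypted PVC volumes`, would make the new intent explicit to consumers.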
@@ -119,7 +119,6 @@ module "eks" {
 create_aws_auth_configmap = true
 default_addon_enabled = local.default_addon_enabled
 eks_nodes_keypair_name = module.key_pair_eks.key_pair_name
- kms_policy_arn = module.eks.kms_policy_arn
 aws_auth_roles = [
 {
 rolearn = "arn:aws:iam::222222222222:role/service-role"

From 7ed8ece0e2f5e30842b6de1f470c6427a3f8b14b Mon Sep 17 00:00:00 2001
From: Rohit Singh
Date: Fri, 1 Dec 2023 12:20:59 +0530
Subject: [PATCH 4/4] updated references and readme.md file

---
 README.md | 1 -
 examples/complete-ipv6/main.tf | 3 +--
 examples/complete/main.tf | 2 +-
 3 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index b933d3c..5bc44ed 100644
--- a/README.md
+++ b/README.md
@@ -180,7 +180,6 @@ In this module, we have implemented the following CIS Compliance checks for EKS:
 | [image\_high\_threshold\_percent](#input\_image\_high\_threshold\_percent) | The percentage of disk usage at which garbage collection should be triggered. | `number` | `60` | no |
 | [image\_low\_threshold\_percent](#input\_image\_low\_threshold\_percent) | The percentage of disk usage at which garbage collection took place. | `number` | `40` | no |
 | [eventRecordQPS](#input\_eventRecordQPS) | The maximum number of events created per second. | `number` | `5` | no |
-| [kms\_policy\_arn](#input\_kms\_policy\_arn) | The KMS policy ARN used for encrypting Kubernetes PVC. | `string` | `""` | no |
 | [associate\_public\_ip\_address](#input\_associate\_public\_ip\_address) | Set to true to enable network interface for launch template. | `bool` | `false` | no |
 | [enable\_monitoring](#input\_enable\_monitoring) | Specify whether to enable monitoring for nodes. | `bool` | `true` | no |
 | [min\_size](#input\_min\_size) | The minimum number of nodes for the node group. | `string` | `"1"` | no |
diff --git a/examples/complete-ipv6/main.tf b/examples/complete-ipv6/main.tf
index b83f12b..8c3489a 100644
--- a/examples/complete-ipv6/main.tf
+++ b/examples/complete-ipv6/main.tf
@@ -120,7 +120,6 @@ module "eks" {
 cluster_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
 default_addon_enabled = local.default_addon_enabled
 eks_nodes_keypair_name = module.key_pair_eks.key_pair_name
- kms_policy_arn = module.eks.kms_policy_arn
 private_subnet_ids = module.vpc.private_subnets
 cluster_log_retention_in_days = 30
 cluster_endpoint_public_access = true
@@ -171,7 +170,7 @@ module "managed_node_group_production" {
 worker_iam_role_name = module.eks.worker_iam_role_name
 eks_nodes_keypair_name = module.key_pair_eks.key_pair_name
 k8s_labels = {
- "Infra-Services" = "true"
+ "Addon-Services" = "true"
 }
 tags = local.additional_aws_tags
 ipv6_enabled = local.ipv6_enabled
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index a2d4078..4c1d708 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -163,7 +163,7 @@ module "managed_node_group_production" {
 worker_iam_role_name = module.eks.worker_iam_role_name
 eks_nodes_keypair_name = module.key_pair_eks.key_pair_name
 k8s_labels = {
- "Infra-Services" = "true"
+ "Addon-Services" = "true"
 }
 tags = local.additional_aws_tags
 }